Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN' (ok)
https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin
Last updated
Was this helpful?
https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin
Last updated
Was this helpful?
Đã ok.
Getting an error when i try to inspect element in chrome:
How to display a site inside an iframe in which the website has 'X-Frame-Options'
to 'SAMEORIGIN'
?
Web server conf,
for me i use nginx.conf
find add_header X-Frame-Options SAMEORIGIN;
and change it toadd_header X-Frame-Options "ALLOWALL";
To solve this error:
You just place this code in your .htaccess
file according to the access level you want to provide:
X-Frame-Options: deny
X-Frame-Options: sameorigin
X-Frame-Options: "allow-from https://example.com/"
To test it, just save this code in an index.html file and place in the same directory the file x-frame-bypass.js that you can download from the above Github repository.
Asked 6 years agoActive Viewed 31k times52
Refused to display '' in a frame because it is set 'X-Frame-Options'
to 'SAMEORIGIN'
.
I tried searching on google but I could not find any proper solution, some are for asp.net only. follow 2,1411919 silver badges3131 bronze badgesasked Jun 26 '14 at 1:5326322 gold badges77 silver badges1919 bronze badges
Possible duplicate of –
3
Your web server sends the header and blocks the content. You should probably change this setting to Allow from same origin. follow answered Jul 30 '14 at 6:0778788 silver badges88 bronze badges
4From where we should change this settings. –
1
.
follow 34.2k88 gold badges6565 silver badges8080 bronze badgesanswered Jan 14 '19 at 14:137144 bronze badges0
Me too I had a similar problem. Loading my web page into an iframe on another website I was getting this error: Refused to display '' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I've solved using this web component that allow an IFrame to bypass the X-Frame-Options: deny/sameorigin response header.
Since Safari doesn't support Customized built-in elements, I've added an extra script that allow the support.
follow answered Jan 22 '19 at 14:441,22199 silver badges3030 bronze badges
3Danger: This script works by passing everything through a proxy server. All data will be visible to the controller of the proxy server (including any login credentials submitted through the iframe). It depends on the proxy server being live (and open proxies like this tend to just strain under ever increasing load until they die and break your site which depends on them). Using a proxy to bypass X-Frame-Options dips into risky intellectual property territory too: you risk getting sued for copyright infringement. –